On Thursday, June 24, 2004, 10:50:34 AM, Herb wrote: HG> In the last couple days we are seeing quite an increase in the amount of HG> spam leaking past sniffer and declude. Anyone else seeing this?
We have quite a spam storm going... I personally had a 4 hour rule coding session last night - all new rules, hundreds, and hundreds of new spam loosed on the world. I think we're getting through this pulse though. See: http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp Seems almost like they were taking the weekend off (see day 4,5,6) Days Ago Adjustments -------- ----------- 0 540 1 409 2 344 3 411 4 169 5 210 6 385 7 853 8 341 9 365 10 302 11 177 12 299 13 207 14 680 Day 2 showed nominally, but since then 409 + 540. The 540 for today is just what's been coded so far - it's beginning to look like we're headed for another ~1000 rule day. There seems to be a recent pattern emerging where there are large spikes followed by relatively lower, more stable numbers. Note the spike in progress today (day 0), back on day 7, and again on day 14. Some of this is clearly associated with weekends and a lack of reports from user submissions - but certainly not all of it. We are working to expand our spamtrap network so that our training inputs can be more consistent. Anyone with clean spamtraps that we are not yet seeing should let us know at support@ if they are willing to share. We can set up special addresses for collecting this data and reviewing it. (We treat spamtraps differently than submissions to spam@) Another thing I've noted is that the ROKSO folks are on the move... that is, the heavy spamers listed in ROKSO _seem_ to be on a run to light up new IPs - especially in smaller blocks (/25, /28, etc...) This isn't usually what we see - It makes me think that some of them have decided to try some new things and we're just not in the loop yet as to what those new things are. It's mostly intuition because the data is still to fuzzy, but something is going on. I look forward to any other thoughts folks may have. My $0.02 _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
